Overview

overview

6

Static

static

豪迪QQ�...r1.dll

windows7-x64

1

豪迪QQ�...r1.dll

windows10-2004-x64

1

豪迪QQ�...og.dll

windows7-x64

1

豪迪QQ�...og.dll

windows10-2004-x64

1

豪迪QQ�...fo.dll

windows7-x64

6

豪迪QQ�...fo.dll

windows10-2004-x64

6

豪迪QQ�...13.exe

windows7-x64

6

豪迪QQ�...13.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5acd875611e7622ff7b4a922262a49897693943625d5b497f62eb3e7d903b186

  • Size

    4.7MB

  • Sample

    221123-vna4yscd6z

  • MD5

    c9b0a492274bbb229ce58a5c265b233e

  • SHA1

    89cbdc155646a3b7d573b94d348acee01e7e5dd8

  • SHA256

    5acd875611e7622ff7b4a922262a49897693943625d5b497f62eb3e7d903b186

  • SHA512

    47c8625e8b13edd227e882e0fc3c2398d8cc798c861145fce45b087c47de02b1b396681baa0330413cc041ffbfe1080deb7acdc70581978dfb2853ad07f3b180

  • SSDEEP

    98304:CcDX/liFR4jmGH48Gfk1rfY2gMyAXKu6lByM+UuLU785t6U4:J98Eyfk4vAx6aawkU4

Score
6/10
bootkitpersistence

Malware Config

Targets

    • Target

      豪迪QQ群发7.7 破解版/CheckVer1.dll

    • Size

      41KB

    • MD5

      cc6d2f0d3e2982be8d1f37bb276e41a6

    • SHA1

      a0d7993f265d19c0cd91070d68d84a24ee41a493

    • SHA256

      a6a5e2013a470559de3f7c755acedcc1088c3824cae778d6c8c76c16b22fe231

    • SHA512

      cea88dcdf6b6da2c894e234628d49784977de66bfbebe6b490195d622dceeac245d88b3ff429b3b6b0297e4db9bdde10e14a3b4278e8b2e1850f811bef9da67f

    • SSDEEP

      768:SCpqFQtwmjmx+0jp61c4O99Yr3zhv8TUJmHps04BtzXBGkG+I8x:1pqFQVCNVdrYr3eUk8Vxa+Jx

    Score
    1/10
    behavioral1behavioral2

    • Target

      豪迪QQ群发7.7 破解版/Desklog.dll

    • Size

      1KB

    • MD5

      bd51f00d39ba2c00249e6ea39db09201

    • SHA1

      dfcaa94329dee74fd0b768e0f1d851908d86db61

    • SHA256

      edbbf8d5575d53f4b9a02e4a8e1d266aac4bba557436746a654b0a9cfef60490

    • SHA512

      63688789eee07e63f216e8ba5177ea826fd6d13e2531928fd69838904b7964aec55c1a604e0d9cf7d36fabd113229cdec8063e3e856a219f56c0dd7a79df44b5

    Score
    1/10
    behavioral3behavioral4

    • Target

      豪迪QQ群发7.7 破解版/GetInfo.dll

    • Size

      41KB

    • MD5

      eedbb80f1f86de86a725e732e59b57bc

    • SHA1

      0db7783259907768cf8f300a2953707d926afa16

    • SHA256

      a42a94dbb4ed29fd71b0d4e67082bb01cf678d08582f46fe16f1c88b9e58f946

    • SHA512

      c82e86a9fccfba73c051eb462080a950f047b706f904f3a2fc75bbbce1d1892c1c6f22521fe0f661b8a39c4cab368cda6a46a3f431bde4528281cabc2420977c

    • SSDEEP

      768:WCpqOQdwHPoBuUSdB6zW/U9Bok+VN5KvwEW3XkjTkd4Btd8VeGiSB8xZ:RpqOQYM9SzsoBBta78E9SmxZ

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral5behavioral6

    • Target

      豪迪QQ群发7.7 破解版/QS2013.exe

    • Size

      2.2MB

    • MD5

      327f826191b63c077bbe95ef3dd5f63a

    • SHA1

      bec63f9b09f91a4b307ad11619126ace7fe0b18e

    • SHA256

      7e13145fdbdc9cdb8f103f1d654ebbd3188d75274b82298990eda1d9a5667ab2

    • SHA512

      26b647ec8e8a435565ff914133d459c9aa9c58cfef8fa691025b104f356d01ab7d225c243a196a13a595a95bb4aab1942fd6a2619ee30c918368e59130819699

    • SSDEEP

      49152:hDHRzI9C8WN+j65234IPcunLh6X/IwgqGl1WqYQby6WWouFhKUNmRWdiqUbL2Iql:ZHdIMHNgL0udmglGsjUOx

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

2
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks